ANN: We're working on a new milter program to replace iRedAPD

[iredmail]

Dear all,

Just want to share with you that we're developing a new milter program to replace iRedAPD, so don't feel sad if not many commits here.

Why?

iRedAPD doesn't get full email message (headers + body), hence it cannot do advanced access control based on info in headers and body. But milter can do this.

More details

• The milter program is written in Golang programming language.
  • The final program is only one binary file, very easy to deploy and upgrade.
  • It's expected to run faster than iRedAPD.
• All iRedAPD plugins will be implemented in first stable release (v1.0).
• Source code will be published when v1.0 is out, all further development will be open source too.
• We accept requests for paid plugin development too.

If you need some new features which are not yet implemented in iRedAPD, reply below to let us know. :)

Updates

• Aug 9: finished milter framework, still tune it and start porting iRedAPD plugins.

TODO

• Plugins:
  • amavisd_wblist
  • greylisting
  • ldap_force_change_password
  • ldap_maillist_access_policy
  • reject_null_sender. Aug 9.
  • reject_sender_login_mismatch
  • senderscore
  • sql_alias_access_policy
  • sql_force_change_password
  • sql_ml_access_policy
  • throttle
  • wblist_rdns
  • whitelist_outbound_recipient
  • reject_to_hostname [Removed in milter]

[gizahNL]

Feature requests:
-Full DKIM/SPF
-Compliant ARC support
-DMARC: handle sending of dmarc responses
-Proper functioning of throttling & such when combined with Dovecot Submission (needed for BURL & such) (see: https://doc.dovecot.org/admin_manual/submission_server/)

[iredmail]

Thanks @gizahNL.

• First stable release of this milter program will just offer same features as iRedAPD.
• DKIM signing / verification, SPF verification, ARC support, DMARC, all these are on our todo list, but each may take some time.

[iredmail]

Request from iRedMail forum: Add Warning/Disclaimer to all email from external domains

• multi-lang support

[iredmail]

Block clients based on country (GeoIP).

[kprkpr]

I don't know if milter is responsible to things like replacing body or adding disclaimers, because having any alternative a bit modern to altermime, witch can add better the disclaimers or edit content... can be great (For example, companies wanting that below signature has to be any image and not below all message, and so on..) altermime at basic funcionality works but I think is somewhat basic

[iredmail]

I don't know if milter is responsible to things like replacing body or adding disclaimers

Yes this is what milter can do.

[thinkwelltwd]

Could the database primary keys be UUID, or some other machine-specific unique value such as snowflakeid? This would help make high-availability setups more achievable.

[iredmail]

SQL high-availability (multi-master) cluster should avoid this issue internally. :)

[thinkwelltwd]

SQL high-availability (multi-master) cluster should avoid this issue internally. :)

Yes, PKs are indeed internal, and Multi Master is an internal detail.

Designing the new database schema with HA in mind is what I'm driving at. Sequences are one of the hard problems with HA and force database replication to be synchronous. Avoiding primary key sequences will make HA / MultiMaster options much more flexible.

Edit:

Here's an example ticket from cockroachdb (largely compatible with postgres) warning that sequences are slower than UUIDs.

Also, on yugabyte (distrbuted SQL db based on postgres), the xCluster limitations for multi-master recommend UUIDs and avoiding sequences.

[iredmail]

MySQL doesn't have column type "uuid", if we store uuid as string in MySQL, it's much slower than BIGINT (as primary key).

[thinkwelltwd]

I'm not advocating for UUID specifically; but rather a non-sequential value with uniqueness properties that make it suitable for generating values on multiple systems.

I'd be well satisfied with snowflakeid, as I'd mentioned in my original post. snowflakeid is stored as bigint, and could be generated in application code, or as a database function.

[iredmail]

Feature request: Add a warning text at the beginning of message body if email is sent from external user.

[iredmail]

Feature request: SRS.

[donatid]

Hello,

Do you have updates and the release schedule on this project?

Thank you

[iredmail]

• Our focus was shifted to the new product (iRedMail Pro[1]) when the milter was about 80% done, now the new product is 70% done.
• We will work out a milter program without any iRedAPD plugins first in about 2 months - since iRedAPD works well and no rush to replace it.

[1] https://docs.iredmail.org/pro.html

iRedMail Pro will combine all features offered by classical shell-based iRedMail installer, iRedMail Easy platform, and iRedAdmin-Pro. All features of iRedMail installer and iRedMail Easy (except support tickets) are 100% done.

[donatid]

Thanks for the explanation. I can't wait for the new milter apps.

[git001]

Sounds really great. I also switched to golang for some tools 😄 https://github.com/git001/caddyv2-upload .
Happy to help if needed

Let me add a plugin request here for the future:
MTA-STS Resolver something like https://github.com/Snawoot/postfix-mta-sts-resolver

[l00v3]

Hello, wandering what is the timeline of the SRS milter program. We have another problem. With SRS checks enabled, we get SPF fails in spamassassin:
FORGED_SPF_HELO=1
SPF_FAIL=0.001 (manually lowered the score)

But it should pass:
Received-SPF: Pass (protection.outlook.com: domain of domain.si designates
195.245.xxx.xxx as permitted sender) receiver=protection.outlook.com;
client-ip=195.245.xxx.xxx; helo=mail.domain.si; pr=C

Quite a lot of legal messages are going into SPAM, and customers are getting annoyed. Because we have a lot of forwarding emails, we cannot disable SRS.
Thank you for checking this one.
T

[l00v3]

Hello @iredmail, are there any news on this?

[iredmail]

Preparing to release milter with just one plugin "reject_forged_sender" in first stable version.

Since iRedAPD is working fine, we tend to replace it slowly to save our time.

let me know if you want to help test it.

[l00v3]

I don't want to be rude or anything, and I know you have a lot of work, but shouldn't this be a quite high priority? And yes, I can help test it.
Also we have @249 issue since the beginning.

[iredmail]

We're busy working on the iRedMail Enterprise Edition (EE) (https://www.iredmail.org/ee.html), and v1.0-beta3 is out today. You can give it a try if you're interested.
https://docs.iredmail.org/install.iredmail.enterprise.html

iRedMail EE combines iRedMail installer + iRedMail Easy platform + iRedAdmin-Pro in one single binary, it's the highest priority.

We will try to finish this milter after iRedMail EE 1.0 stable release. Sorry about this.

[jfwelstead]

Is the new Milter to replace iredAPD on track for release in 2024

[git001]

As there is now EE version 1.0.1 out, what's the plan for the iRedAPD ?

[iredmail]

As there is now EE version 1.0.1 out, what's the plan for the iRedAPD ?

EE will use iRedAPD for some more time, until milter is out and replaces all iredapd features.
Eventually iredapd will be dropped and milter is the future.